SPEAKE(a)R

Researchers from Ben-Gurion University in Israel have created a frightening program called Speake(a)r. It demonstrates how hackers can take over a computer and record audio. This is possible even when a person has removed or disabled the computer’s microphone.

In a paper titled SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit [PDF], the researchers give details on their experiment. It seems to work with any speaker, across a range of devices such as headphones and loudspeakers.

The primary goal of a speaker is to project audio outward, but the researchers reverse this so that it picks up incoming audio, like a microphone. Loudspeakers convert electrical signals to a sound waveform, while microphones transform sounds into electrical signals.

Via: https://arxiv.org/pdf/1611.07350.pdf

Re-tasking a loudspeaker in this fashion involves computer code that converts air vibrations (sound) into electrical signals to pick up audio. Mordechai Guri, the lead researcher at Ben-Gurion’s Cyber Security Research Labs, said:

“People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.”

The team uploaded a video to YouTube.

Headphones Hack

The team goes beyond just reverse engineering to convert audio to electrical signals. The program they use takes advantage of a feature of RealTek audio codec chips. It secretly takes the computer’s output channel and turns it into an input channel. This lets it record audio even if the headphones use an output-only jack.

These RealTek chips are ubiquitous, so the hack works on virtually all computers. It’s not specific to an operating system, so it works on Windows and macOS.

A partially declassified document by the NSA in 2000 reveals a guide that takes these “red/black” security issues into account when installing equipment.

“…the speakers in paging, intercom and public address systems can act as microphones and retransmit classified audio discussions out of the controlled area via the signal line distribution.”

(NSTISSAM TEMPEST/2-95, RED/BLACK INSTALLATION)

So the security community has known about these hacks for some time. What makes Speake(a)r different is that disabling or even physically removing your laptop’s microphone isn’t enough. You need to deal with the audio input too.

In their tests, the researchers tried the audio hack with a pair of Sennheiser headphones. They could record from as far as 20 feet away, compress the recording and send it over the internet, and still pick out the words spoken by a male voice. “It’s very effective,” says Guri. “Your headphones do make a good, quality microphone.”

Solution

Guri goes on to say that there isn’t an easy software patch for this hack. The feature of RealTek audio chips that lets a program switch an output channel to input isn’t a bug. The only way to fix it is to redesign the chip and replace the older versions.

Unless you’re a person working in a highly sensitive career, such as a governmental job, you probably don’t need to worry about being a victim of hacks like this, YET… However, if you would like to prevent this from happening now, you’ll have to disable all audio output AND input.
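
Because the output-to-input switch described under "Headphones Hack" is a codec feature that cannot be patched away, a defender can at least audit for it. The script below is an added example, not code from the paper or the researchers. It assumes a Linux host, where the HD Audio driver exposes per-jack codec state as text under /proc/asound/card*/codec#*, and flags jacks whose default role is output but which are input-capable or currently set to input. The sample dump and the `audit_pins` name are constructed for illustration.

```python
import glob
import re

# Constructed sample in the text format Linux uses for /proc/asound/card*/codec#*
# (an assumption of this example; the values are not taken from a real machine).
SAMPLE_DUMP = """\
Codec: Realtek ALCxxx
Node 0x14 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x0001003e: IN OUT HP EAPD Detect Trigger
  Pin Default 0x01014010: [Jack] Line Out at Ext Rear
  Pin-ctls: 0x40: OUT
Node 0x18 [Pin Complex] wcaps 0x40058f: Stereo Amp-In Amp-Out
  Pincap 0x00003736: IN OUT Detect Trigger
  Pin Default 0x01a19830: [Jack] Mic at Ext Rear
  Pin-ctls: 0x24: IN VREF_80
Node 0x1b [Pin Complex] wcaps 0x40058f: Stereo Amp-In Amp-Out
  Pincap 0x0000373e: IN OUT HP Detect Trigger
  Pin Default 0x02214020: [Jack] HP Out at Ext Front
  Pin-ctls: 0x20: IN VREF_HIZ
"""

OUTPUT_ROLES = ("Line Out", "Speaker", "HP Out")  # jacks a user expects to be output-only


def audit_pins(dump):
    """Return (node, role, state) for output jacks that can be, or are, inputs."""
    findings, pin = [], None
    for line in dump.splitlines() + ["Node <end>"]:  # sentinel flushes the last pin
        s = line.strip()
        if s.startswith("Node "):
            if pin and pin.get("role") in OUTPUT_ROLES and "IN" in pin.get("caps", ()):
                state = "INPUT_ACTIVE" if "IN" in pin.get("ctls", ()) else "retaskable"
                findings.append((pin["node"], pin["role"], state))
            pin = {"node": s.split()[1]} if "[Pin Complex]" in s else None
        elif pin is not None and s.startswith("Pincap "):
            pin["caps"] = s.split(":", 1)[1].split()    # e.g. ['IN', 'OUT', 'HP']
        elif pin is not None and s.startswith("Pin Default "):
            m = re.search(r"\]\s+(.+?)\s+at\s", s)      # text between "[Jack]" and "at"
            pin["role"] = m.group(1) if m else None
        elif pin is not None and s.startswith("Pin-ctls:"):
            pin["ctls"] = s.split(":", 2)[2].split()    # current direction bits
    return findings


if __name__ == "__main__":
    # Audit every codec on this host, or fall back to the constructed sample.
    for path in glob.glob("/proc/asound/card*/codec#*") or [None]:
        text = open(path).read() if path else SAMPLE_DUMP
        print(path or "constructed sample", audit_pins(text))
```

A jack reported as INPUT_ACTIVE can also be the result of a deliberate retask by the user, so treat it as a prompt for review rather than proof of compromise.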